CRITICAL🇵🇱 Wersja polska

CVE-2024-36072

CVSS 9.8v3.1pub. 2024-06-27upd. 2026-04-15

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges.

🤖 AI Analysis
How it works

The vulnerability exists in the login component of the Endpoint Protector and Unify application server. An unauthenticated attacker remotely sends a specially crafted request to the vulnerable server. The login component processes it in an insecure manner, resulting in the execution of arbitrary system commands. These commands are executed with root privileges, meaning the highest possible permissions in the system.

Impact

An attacker gains full control over the server with root privileges, enabling data reading, modification and deletion, malicious software installation, and further lateral movement within the organization's network.

Mitigation & patch

Apply patches available from the vendor according to references (Netwrix Help Center: kA0Qk0000001E5lKAE). Immediate update to versions higher than 5.9.3 (Endpoint Protector) and 7.0.6 (Unify) is recommended, as well as restricting network access to the application server only to trusted hosts.

Who is affected

Netwrix CoSoSys Endpoint Protector in versions up to and including 5.9.3 and CoSoSys Unify in versions up to and including 7.0.6.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References